Sunday, 9 January 2011

The SMH is full of crap

Nasty little story in the paper today about Vodafone - unfortunately, someone at the SMH has decided to juice up the story to make it sound much worse than it really is.

THE personal details of millions of Vodafone customers, including their names, home addresses, driver's licence numbers and credit card details, have been publicly available on the internet in what is being described as an ''unbelievable'' lapse in security by the mobile phone giant.

No you twit, they are not "publicly available". You need a username and password to access them. If they were publicly availably, I'd be looking up some people I don't like right now.

The Sun-Herald is aware of criminal groups paying for the private information of some Vodafone customers to stand over them.

Which criminal groups and when? How many times has this happened. Once? Twice? Provide some proof, not idle gossip.

Other people have apparently obtained logins to check their spouses' communications.

"Apparently" - which means it's gossip. No proof offered.

Personal details, accessible from any computer because they are kept on an internet site rather than on Vodafone's internal system, include which numbers a person has dialled or texted, plus from where and when.

They're only accessible from any computer if you have a username and password.

The full extent of the privacy breach is unknown but The Sun-Herald has learnt that possibly thousands of people have logins that can be passed around and used by anyone to gain full access to the accounts of about 4 million Vodafone customers.

This is really beating it up - "the full extent of the privacy breach is unknown" - makes it sound really bad. Plus the bit about "possibly thousands of people have logins" - of course thousands of people have logins; they've got thousands of employees and agents and call centre staff.

Professor Michael Fraser, the head of the Australian Communications Law Centre at the University of Technology, Sydney, said that it appeared to be a major breach of the company's privacy obligations and ''unbelievably slack security''.

Whenever a story needs a bit of credibility, always ask a professor.

''The fact you can look up anybody as easily as that seems to be a gross breach of privacy and resulting in an almost negligent exposure to criminal activity,'' said Professor Fraser, who also heads the Australian Communications Consumer Action Network.

''Customer information is accessed through a secure web portal, accessible to authorised employees and dealers via a secure login and password,'' he said.

The revelations come as Vodafone is facing potential lawsuits and widespread customer dissatisfaction with network access.

Irrelevant. If your story doesn't have enough heft, add in some bad news from elsewhere.

More than 9000 customers have joined a class action and the company has set up a number of taskforces to try to fix the problems.

In this new saga for Vodafone, dealers have revealed that they are frequently asked to do ''favours'' and to pass on their login details.

Ok, so dealers are frequently asked to do favours. The point is, do they actually provide the favours, or do they knock them back? Cops are also asked all the time to do favours like this on the police system - but as they know all access is monitored, they knock them back (the stupid ones don't, get caught and are sacked and charged).

Because the customer database is not an intranet (internal company system) and instead on the internet, users with a password can log in to the portal from anywhere, then access any customer's information.

So what? That's the whole idea.

Vodafone retailers have said each store has a user name and password for the system. That access is shared by staff and every three months it is changed. Other mobile dealers who sell Vodafone products also get full access to the database.

I'd imagine so. How are you supposed to connect new customers and help existing customers if you don't have access to the database? Duh.

Anyone with full access can look up a customer's bills and make changes to accounts. Limited access allows searching by name, which takes much longer and is more involved but can be just as effective when done correctly. ''It's scary stuff in the wrong hands,'' one dealer told The Sun-Herald.

Ooh, it's "scary stuff in the wrong hands". Sounds like the sort of quote you'd make up on a slow news day. Is it really scary stuff that I can walk into a store and ask the dealer to make changes to my account? I would have thought that is good stuff.

Disclaimer - I don't use Vodafone as their country coverage is not as good as Telstra. I don't particularly like or dislike them - I just hate media beatups.

4 comments:

Good thing they don't know how a university stores all its data and how that data and the university systems are accessed... many from anywhere with a username and password! How else would we do our work?